From bc66dfc5ce19fb038f5d87e7b07d5caf6740a965 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 3 Aug 2015 12:49:27 -0700 Subject: [PATCH] [v9_10] add fetchlimit to README --- README | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/README b/README index c1f9210a97..155bf79050 100644 --- a/README +++ b/README @@ -53,12 +53,34 @@ BIND 9 BIND 9.10.3 + BIND 9.10.3 is a maintenance release and addresses bugs + found in BIND 9.10.2 and earlier, as well as the security + flaws described in CVE-2015-4620 and CVE-2015-5477. + It also makes the following new features available: + + - New "fetchlimit" quotas are now available for the use of + recursive resolvers that are are under high query load for + domains whose authoritative servers are nonresponsive or are + experiencing a denial of service attack. + + + "fetches-per-server" limits the number of simultaneous queries + that can be sent to any single authoritative server. The + configured value is a starting point; it is automatically + adjusted downward if the server is partially or completely + non-responsive. The algorithm used to adjust the quota can be + configured via the "fetch-quota-params" option. + + "fetches-per-zone" limits the number of simultaneous queries + that can be sent for names within a single domain. (Note: + Unlike "fetches-per-server", this value is not self-tuning.) + + New stats counters have been added to count + queries spilled due to these quotas. + + NOTE: These features are NOT built in by default; use + "configure --enable-fetchlimit" to enable them. + - Dig now supports sending of arbitary EDNS options by specifying them on the command line. - This release addresses the security flaws described in - CVE-2015-4620 and CVE-2015-5477. - BIND 9.10.2 BIND 9.10.2 is a maintenance release and addresses bugs